Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 404


The Remoting Service provides the following capabilities:
- Locating remote objects: This is achieved through metadata that describes the object name or registration token, although the actual location is not required, because the iSCALE message bus allows for location transparency.
- Communicating with remote objects: Details of communication between remote objects are handled by the iSCALE message bus.
- Object streaming and chunking: When large amounts of data need to pass back and forth from the client to the server, these objects are optimized to load the data on demand.
- Callbacks: Another pattern and layer of abstraction built into the Remoting Service that allows for PTP remote object communication.
- Service monitoring and statistics: Provides performance and load statistics for using these remote services.
Data Access Service
Data Access Service (DAS) is an object management service that allows users to define objects
using metadata. DAS manages the object and access to objects and automates transmission and
persistence. DAS also serves as a facade for accessing data from any persistent data store such as
databases, directory services, or files. The operations of DAS include uniform data access through
JDBC, and high-performance event insert strategies using native Connectors.
Query Manager Service
The Query Manager Service orchestrates drill-down and event history requests from the Sentinel
Control Center. This service is an integral component for implementing the paging algorithm used in
the Event History browsing capability. It converts user-defined filters into valid criteria and appends
security criteria to it before events are retrieved. This service also ensures that the criteria do not
change during a paged event history transaction.
Correlation Service
Sentinel's correlation algorithm computes correlated events by analyzing the data stream in real
time. It publishes the correlated events based on user-defined rules before the events reach the
database. Rules in the correlation engine can detect a pattern in a single event or a running window
of events. When a match is detected, the correlation engine generates a correlated event describing
the found pattern and can create an incident or trigger a remediation workflow through ActiveMQ.
The correlation engine works with a rules checker component that computes the correlation rule
expressions and validates the syntax of filters. In addition to providing a comprehensive set of
correlation rules, Sentinel's correlation engine provides specific advantages over database-centric
correlation engines:
- By relying on in-memory processing rather than database inserts and reads, the correlation engine performs during high steady-state volumes as well as during event spikes when under attack, which is the time when correlation performance is most critical.
- The correlation volume does not slow down other system components, so the user interface remains responsive, especially with high event volumes.
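
The running-window matching described above can be sketched as follows. This is an added illustration, not Sentinel's engine or rule language; the `WindowRule` class, the rule name, the threshold of 3 events in 60 seconds, and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque

# Constructed sample events (seconds, event name, source IP); not real Sentinel data.
EVENTS = [
    (0,   "auth_fail", "10.0.0.5"),
    (10,  "auth_fail", "10.0.0.5"),
    (15,  "auth_ok",   "10.0.0.9"),
    (20,  "auth_fail", "10.0.0.5"),
    (200, "auth_fail", "10.0.0.7"),
    (300, "auth_fail", "10.0.0.5"),
    (400, "auth_fail", "10.0.0.7"),
]

class WindowRule:
    """Fire when `threshold` matching events share a key within `window` seconds."""

    def __init__(self, name, predicate, key, threshold, window):
        self.name, self.predicate, self.key = name, predicate, key
        self.threshold, self.window = threshold, window
        self.recent = defaultdict(deque)  # key -> timestamps still inside the window

    def feed(self, event):
        """Process one event in arrival order; return a correlated event or None."""
        if not self.predicate(event):
            return None
        ts, k = event[0], self.key(event)
        q = self.recent[k]
        q.append(ts)
        while q and ts - q[0] > self.window:  # expire timestamps older than the window
            q.popleft()
        if len(q) < self.threshold:
            return None
        correlated = {"rule": self.name, "key": k, "first": q[0], "last": ts, "count": len(q)}
        q.clear()  # reset so one burst yields one correlated event
        return correlated

def correlate(events, rule):
    """Run the rule over the stream in memory, before any event would be stored."""
    return [hit for hit in map(rule.feed, events) if hit]

def demo():
    rule = WindowRule("repeated_auth_fail", lambda e: e[1] == "auth_fail",
                      lambda e: e[2], threshold=3, window=60)
    return correlate(EVENTS, rule)

if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Setting `threshold=1` turns the same rule into a single-event match; only the burst from 10.0.0.5 in the sample fires, because the two failures from 10.0.0.7 fall outside one window.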